Security: Why I’m in the top 1% of the LastPass Security Standing

If I had a dollar for every time someone asked me whether the cloud is secure or not, I'd be running my own philanthropic foundation by now.

The reality is that while no system is 100% secure, there are some very simple steps everyone can take to make their own systems more secure. Today I want to talk about 3 simple steps non-technical people can take to protect their accounts against attack.

1 – Use long passwords that are easy to remember

The simplest thing you can start doing today is to change your password from a short, complicated word to a passphrase: several ordinary words strung together. A passphrase is much longer, so it takes vastly more guesses to crack, yet it is easier to remember than a short jumble of symbols. The article above explains it better than I can here. If you prefer video, check out Edward Snowden's video below.

2 – Have a different password for every service

Most people I speak to are very proud of the fact that they use a different password for their bank than for their other services. While I applaud this mentality, their bank password is unfortunately far less important than their email or even their Facebook password: password resets for almost every other account are sent to your email inbox, so whoever controls your email can reset the rest.

There have been numerous cases where people thought they were talking to a loved one online when it was in fact an attacker using social engineering to gather the information needed to unlock an account.

Now I know what you're thinking: I can barely remember one password, let alone 10 or 100. This is where a password manager comes in. A password manager stores all your passwords securely and lets you access them with just one login, so every other password can be long, random and unique.

3 – Use Multi-Factor-Authentication as much as possible

MFA, or 2FA as it's also known, means you cannot log in to a system without presenting two or more of the following:

Something you have (phone, token etc.)

Something you know (password)

Something you are (fingerprint, face)

Banks have used this for years. Commonwealth Bank sends a notification to your phone through their app (or by SMS) when you want to transfer money to someone else's account. Prefer the app notification where you have the choice: SMS codes can be intercepted by an attacker who talks your carrier into moving your phone number to their SIM.

The MFA apps I use (shown in the picture above) are:

Authy

LastPass Authenticator

LogMeIn Authenticator

Google Authenticator

There are other options on the market, but most services that offer app-based MFA use the same time-based one-time password (TOTP) standard, so any app that supports it (Google Authenticator, Authy and LastPass Authenticator all do) will generate codes for them; Google Authenticator is the one most services' setup instructions name.

There are also hardware security keys like the YubiKey that you can use to secure your online services. Used as a FIDO/U2F key, it is the strongest option here: the key checks the site's real address before answering, so a phishing page cannot trick you into handing over a code.

Conclusion

Increasingly it's humans who need to take ownership of their own security within an organisation. It's no longer good enough to leave all that stuff to the IT guys; it's everyone's responsibility to be safe with data in the workplace.

The good news is that, with a few easy steps, you can improve your security without complicated technical know-how.

Bonus tips

Offline passwords need to be stronger than online passwords. An online login (your email, your bank) can lock you out or slow you down after a few wrong guesses, but a password protecting something an attacker can copy and attack on their own hardware, such as an encrypted file, a full-disk encryption key or a password manager vault, can be guessed a trillion times a second without anyone ever knowing it is happening. Remember our horse passphrase with 44 bits of entropy (randomness)? For an offline password you need 70 to 80 bits of entropy to be reasonably assured of its security.
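Added example (not from the original post) that puts numbers on the passphrase advice in step 1 and on the entropy figures in this bonus tip: it computes the entropy of a passphrase from the wordlist size and word count, works out how many words reach 70 to 80 bits, and estimates how long the trillion-guess-per-second offline attacker above needs. The 2048-word list behind the 44-bit "horse" figure, the 7776-word diceware list, and the tiny wordlist in the demo are assumptions for illustration.

```python
import math
import secrets

GUESSES_PER_SECOND = 10 ** 12  # offline cracking rate the text assumes (a trillion a second)
SECONDS_PER_YEAR = 365.25 * 86400

# Assumption for illustration: the xkcd-style "correct horse battery staple" estimate
# treats each word as drawn from about 2048 common words, i.e. 11 bits per word.
XKCD_WORDLIST_SIZE = 2048
# Assumption: a diceware list such as the EFF large wordlist has 7776 words (about 12.9 bits per word).
DICEWARE_WORDLIST_SIZE = 7776

# Constructed toy wordlist for the demo only (16 words = 4 bits per word); use a real list in practice.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "lamp", "orbit", "velvet",
                "cactus", "pillow", "marble", "tunnel", "falcon", "ginger", "harbor", "quartz"]


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy in bits of word_count words chosen uniformly and independently from the list."""
    return word_count * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def expected_crack_seconds(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected time to find the password offline: on average half the space is searched."""
    return 2.0 ** bits / 2 / guesses_per_second


def generate_passphrase(word_count, wordlist=SAMPLE_WORDS):
    """Pick words with the OS CSPRNG (secrets), not random.choice, so the entropy maths holds."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    for words in (4, 7, 8):
        bits = passphrase_entropy_bits(words, XKCD_WORDLIST_SIZE)
        years = expected_crack_seconds(bits) / SECONDS_PER_YEAR
        print(f"{words} words from {XKCD_WORDLIST_SIZE}: {bits:.0f} bits, about {years:.3g} years to crack")
    print("Words needed for 80 bits from a 7776-word list:", words_needed(80, DICEWARE_WORDLIST_SIZE))
    print("Sample from the toy list (only 4 bits per word):", generate_passphrase(4))
```

The striking number is the first one: at a trillion guesses a second the 44-bit passphrase falls in under ten seconds on average, which is fine for an online login that throttles guesses but not for a vault or encrypted disk; seven words from the same list (77 bits) push the expected time past two thousand years.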

Want to know how secure your password is? Try putting your password (or something similar to it) into the checker linked here. I say something similar because no system is 100% secure: never type a real password into someone else's website.